Rorroh's Blog

Just another weblog. Really. It is.

LulzSec’s “The Sun” Takedown July 20, 2011

Filed under: Hacking — Rorroh @ 11:00 am

LulzSec is still going strong, and their most recent victim, The Sun, should have seen it coming. I’m not talking about Murdoch’s infamous scandal, although that was really the only reason they attacked The Sun.

LulzSec apparently managed not just to find a password to play around with, but to actually post an article, redirect all users of the site to that article and then, in true form, leak many of their passwords. Surely this was an act of genius. Some little-known underground tricks must have played their part in this, right? As it turns out, The Sun has been vulnerable to attack since at least 2009. What’s more, the vulnerability turned out to be one of the easiest to spot and fix: a cross-site scripting vulnerability. The Sun seemed to be aware of it, but still put that version of the site on an alternate server — a big no-no in the security world.

All it took was that one cross-site scripting vulnerability and the rest was just a break-in waiting to happen. LulzSec used that vulnerability to make the older server a jump host, effectively using it as a tunnel to put JavaScript code into all the site’s articles. The Murdoch article itself, however, wasn’t really on The Sun’s website at all; it was actually being hosted on (now taken down, but the link should go to an archive of the page).



‘Tis the season — of hacking. December 22, 2010

Filed under: Hacking — Rorroh @ 10:27 pm

‘Tis the season of hacking, it seems. There are multiple websites being targeted for various reasons: PayPal, Amazon, Visa, FurAffinity, WikiLeaks... the list goes on. Seems to me that people have implicitly been given the “O.K.” to start doing this, even though it is illegal. Still, many major websites are getting the butt-end of these attacks.

Of course, I use the term “hack” loosely.  In most cases, the attacks were simply “Distributed Denial of Service” (DDoS) attacks, which only cause a web server to be brought down, usually only temporarily, and usually require no hacking at all.  That said, they can cause massive damage to a server’s equipment.

This implicit “O.K.” seems to have stemmed from the attacks on WikiLeaks, which spurred many counter-attacks, including at least one on the DoS’er going by the handle of “th3j35t3r.” “th3j35t3r” is a “patriot hacker” that successfully brought down WikiLeaks using a tool that he calls “XerXes.” Unlike DDoS’ing tools, XerXes seems to only need one person (taking the first “D” off of “DDoS”).

As someone said not too long ago regarding this: “This is the sort of thing envisioned by the early hacker kids in the 80’s and 90’s. This is WarGames post-Cold War. This is the movie Hollywood couldn’t ever produce.” This is completely right. We are living in an era of “cyber warfare,” and we need to try to play it safe. Secure your passwords, encrypt your connections, get behind 7 proxies. The main groups of attackers are not trying to go after neutral users, but neither they nor I can speak for any rogues that could exploit this situation for their own personal gain. Stay safe.

Now for the subject that seems to be on every FA user’s mind, something that has happened very recently:

Note: This is based on information that was personally gathered and I do not speak directly on behalf of FurAffinity or any of its administrators. Treat this information as if you were reading it from a barely-known WordPress user’s blog post.

In FurAffinity’s case, there was hacking, and there was a breach of user accounts — but you can probably rest assured that your account was not compromised.  If I were you, I would change my password anyway.

The details are cloudy, but apparently there was a rape that occurred. The victim, from what has been gathered, told... someone (we’ll call him “Bob” for the sake of less confusion)... who found out that the rapist was a FurAffinity user. Bob, out of rage towards the admins of FurAffinity, started what most have already figured out: a sudden and seemingly well-coordinated attack on FurAffinity, allowing him to gain unauthorized access throughout the website.

With this access, he was able to leak out administrators’ notes and then go on to mess with several users’ galleries before finishing the job by launching a DDoS attack aimed at FurAffinity’s servers.  I’m not sure if this final attack was successful or not, but FurAffinity seems to be getting back on its feet quite nicely.  The software is currently being checked for more security holes, hopefully enough that any large vulnerabilities can be patched to prevent another epidemic.

The official report by FurAffinity’s Dragoneer can be found here.

I’m sorry it’s a bit disorganized, but I didn’t even know where to start. If there’s information that I’ve overlooked or am misinformed about, and I say this in hopes that anyone at all reads this blog post, please tell me. I’d love to have more information on the subjects, especially regarding “Bob” and the rape.